Skip to main content
3Nsofts logo
3Nsofts

Privacy Policy

Effective Date: March 8, 2026Last Updated: March 8, 2026

Our Core Principle: Your Email Stays on Your Device

Unlike traditional email services, Sorto processes all email data locally on your iOS device. We do not collect, store, transmit, or analyze your email content on our servers. We do not have access to your messages.

Introduction

Sorto ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use the Sorto iOS application (the "App").

Information We Do NOT Collect

To be absolutely clear, we DO NOT:

  • Collect or store your email messages
  • Upload email content to any server
  • Analyze email content on external servers
  • Share email data with third parties
  • Track message contents or reading behavior
  • Build profiles based on your email activity
  • Sell or monetize your email data in any way

Information Collection and Use

1. Email Account Access

What We Access:

When you connect an email account (Gmail, Microsoft Outlook, iCloud Mail, or IMAP), Sorto accesses your email messages to provide classification and organization services.

How We Access It:

  • Gmail: Uses OAuth 2.0 authorization with Google's APIs. We request read-only access to your Gmail messages through Google's secure authentication system.
  • Microsoft Outlook: Uses OAuth 2.0 authorization with Microsoft's APIs. We request email read access through Microsoft's secure authentication system.
  • iCloud Mail: Uses IMAP protocol with your iCloud credentials (email address and app-specific password) for secure server connection.
  • IMAP Accounts: Uses standard IMAP protocol with your server credentials (username and password) stored securely in your device's Keychain.

Where Processing Happens:

  • All email message processing, classification, and intelligence analysis occurs entirely on your iPhone or iPad.
  • No email content is transmitted to Sorto servers or any third-party servers.

2. Authentication Credentials

What We Store:

  • OAuth access tokens and refresh tokens (for Gmail and Outlook)
  • IMAP credentials (username and password for iCloud and generic IMAP accounts)

How We Store It:

  • All credentials are stored in your device's secure iOS Keychain, using Apple's hardware-backed encryption.
  • Credentials are encrypted and protected by your device passcode or biometric authentication.
  • We cannot access credentials stored in the Keychain from outside your device.

What We Do With It:

  • Credentials are used solely to authenticate with email servers and fetch your messages.
  • OAuth tokens are automatically refreshed when they expire to maintain seamless access.

3. Device-Local Data Storage

What We Store Locally:

  • Email message metadata (subject, sender, date, labels, read status)
  • Message classification results (categories, confidence scores, decision paths)
  • Thread information and conversation grouping
  • Sender profiles and communication patterns
  • Sync state and tokens for efficient incremental fetching

How We Store It:

  • All data is stored in the App's local database using Apple's SwiftData framework.
  • This data never leaves your device.
  • The data is protected by iOS's standard app sandboxing and file encryption.

4. Analytics and Diagnostics

Current Status: We currently do NOT collect any analytics, usage statistics, or diagnostic data.

Future Plans: If we introduce analytics in future versions, we will:

  • Update this Privacy Policy with clear disclosure
  • Use only aggregated, anonymized data
  • Allow you to opt out
  • Never link analytics to your email content or personal information

Third-Party Services

Email Providers

When you connect an account, you are directly authenticating with your email provider (Google, Microsoft, Apple, or your IMAP server). These providers may collect data according to their own privacy policies:

Sorto's access to your email is limited to the permissions you grant during OAuth authorization or IMAP configuration. You can revoke this access at any time through your email provider's account settings.

No Other Third-Party Services

Sorto does not integrate with:

  • Analytics platforms (e.g., Google Analytics, Mixpanel)
  • Advertising networks
  • Social media platforms
  • Cloud storage providers
  • AI/ML APIs for message processing

All intelligence and classification happens on-device using built-in iOS frameworks and local models.

Data Retention

  • Email Data: Stored on your device indefinitely until you delete the App or remove an account.
  • Credentials: Stored in the iOS Keychain until you delete the App or revoke access through your email provider.
  • Deleted Accounts: When you remove an account from Sorto, all associated data (messages, threads, classifications) is permanently deleted from your device. Credentials are removed from the Keychain.

Data Security

On-Device Encryption

  • All data stored by Sorto is protected by iOS's built-in file encryption and app sandboxing.
  • Credentials are stored in the iOS Keychain with hardware-backed encryption (Secure Enclave on supported devices).

Network Security

  • All communication with email servers uses industry-standard TLS/SSL encryption.
  • OAuth tokens are transmitted over secure HTTPS connections only.
  • IMAP connections use STARTTLS or SSL/TLS encryption.

No Server-Side Storage

Because we don't collect or transmit your email data to our servers, there is no server-side data to secure, breach, or leak.

Your Rights and Choices

Access and Control

  • View Classifications: See exactly how and why each message was classified through the App interface.
  • Remove Accounts: Delete email accounts from Sorto at any time through the App settings.
  • Revoke Access: Revoke Sorto's access through your email provider's account management interface at any time.

Data Deletion

  • Delete App Data: Uninstalling the App permanently deletes all locally stored email data, classifications, and Keychain credentials.
  • Per-Account Deletion: Remove individual accounts through the App to delete all data associated with that account.

Opt-Out

You can stop using Sorto at any time by deleting the App from your device.

Children's Privacy

Sorto is not directed to individuals under the age of 13. We do not knowingly collect information from children. If you believe a child has provided information to Sorto, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective when posted within the App or on our website. Significant changes will be highlighted through:

  • In-app notifications
  • Updates on our website
  • Email notification (if we add email collection features in the future)

Continued use of Sorto after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or Sorto's privacy practices:

Email: privacy@sorto.app
Website: https://3nsofts.com/sorto/privacy

For data protection inquiries specifically, contact our Data Protection Officer at dpo@sorto.app.

Transparency Commitment

We believe privacy should be simple and transparent. Here's our commitment:

  • ✅ All email processing happens on your device
  • ✅ No email content sent to external servers
  • ✅ No user tracking or behavioral analytics
  • ✅ No ads, no data monetization
  • ✅ Open authentication standards (OAuth 2.0, IMAP/TLS)
  • ✅ Credentials secured in iOS Keychain
  • ✅ You control your data—always

This Privacy Policy was last updated on March 8, 2026. Previous versions are available upon request.

Back to Sorto